Saturday, April 1, 2017

Creating a security group

AWS has several layers of network security; Network ACLs (1) and Security Groups (1) are two of them. One ACL and one SG are created by default. The default ACL allows all traffic in both directions, while the default SG allows inbound traffic only from instances in the same SG and outbound traffic to anywhere. If this is a bit confusing, we will look at SGs and ACLs in more detail in a coming post.

The SG is the first line of defense and the ACL the second. When we try to reach an EC2 instance from our desktop or laptop, the packets have to pass the rules of the ACL and then the rules of the SG before reaching the instance. As mentioned above, the default ACL allows both inbound and outbound traffic, but the default SG only allows traffic from other instances in the same SG, not from the outside world. Today we will create a new SG that lets us connect from our laptop or desktop.


Multiple SGs can be associated with a single EC2 instance, as shown below; that instance then has ports 80, 22 and 23 open. Similarly, a single SG can be associated with multiple EC2 instances; the three instances on the right all have port 22 open.
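To make the two points above concrete (the inbound path goes through the subnet ACL first and then the instance's SG, and several SGs on one instance simply add their rules together), here is a small simulator. It is an added example, not code from the post or from AWS; every id, address and rule in it is constructed, and it models only the parts of the behaviour the post describes: the ACL is an ordered allow/deny list with an implicit final deny, and an SG is a set of allow rules with everything else dropped.

```python
"""Added example (not from the post): a small simulator of the inbound path the
post describes, a subnet Network ACL evaluated first, then the instance's
Security Group(s). All ids, addresses and rules below are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

ALL_PORTS = (0, 65535)


@dataclass(frozen=True)
class Packet:
    src: str            # source IPv4 address
    dst_port: int       # destination port on the EC2 instance
    protocol: str = "tcp"


@dataclass(frozen=True)
class NaclRule:
    number: int         # NACL rules are checked in ascending order; first match wins
    action: str         # "allow" or "deny"
    protocol: str       # "tcp", "udp" or "all"
    cidr: str
    ports: tuple = ALL_PORTS

    def matches(self, pkt):
        if self.protocol not in ("all", pkt.protocol):
            return False
        if ip_address(pkt.src) not in ip_network(self.cidr):
            return False
        return self.protocol == "all" or self.ports[0] <= pkt.dst_port <= self.ports[1]


@dataclass
class Nacl:
    """Stateless, ordered allow/deny list; the trailing '*' rule denies everything."""
    inbound: list

    def allows(self, pkt):
        for rule in sorted(self.inbound, key=lambda r: r.number):
            if rule.matches(pkt):
                return rule.action == "allow"
        return False


@dataclass(frozen=True)
class SgRule:
    protocol: str               # "tcp", "udp" or "all"
    ports: tuple = ALL_PORTS
    cidr: str = None            # either a source CIDR ...
    source_sg: str = None       # ... or a source security group id

    def matches(self, pkt, src_groups):
        if self.protocol not in ("all", pkt.protocol):
            return False
        if self.protocol != "all" and not (self.ports[0] <= pkt.dst_port <= self.ports[1]):
            return False
        if self.cidr is not None and ip_address(pkt.src) in ip_network(self.cidr):
            return True
        return self.source_sg is not None and self.source_sg in src_groups


@dataclass
class SecurityGroup:
    """Allow rules only: a packet matching no rule is dropped."""
    group_id: str
    inbound: list = field(default_factory=list)

    def allows(self, pkt, src_groups=()):
        return any(r.matches(pkt, src_groups) for r in self.inbound)


def reaches_instance(pkt, nacl, groups, src_groups=()):
    """Walk the post's inbound path: NACL first, then the union of the
    instance's SGs (several SGs on one instance simply add up their rules)."""
    if not nacl.allows(pkt):
        return "denied by NACL"
    if any(sg.allows(pkt, src_groups) for sg in groups):
        return "allowed"
    return "denied by SG"


# Constructed setup mirroring the post: default NACL (rule 100 allows all),
# default SG (allows everything from members of itself) and a new SSH SG.
DEFAULT_NACL = Nacl([NaclRule(100, "allow", "all", "0.0.0.0/0")])
DEFAULT_SG = SecurityGroup("sg-default", [SgRule("all", source_sg="sg-default")])
SSH_SG = SecurityGroup("sg-ssh", [SgRule("tcp", (22, 22), cidr="0.0.0.0/0")])
LAPTOP_SSH = Packet(src="203.0.113.10", dst_port=22)   # TEST-NET-3 address, constructed

if __name__ == "__main__":
    print("default SG only :", reaches_instance(LAPTOP_SSH, DEFAULT_NACL, [DEFAULT_SG]))
    print("default + ssh SG:", reaches_instance(LAPTOP_SSH, DEFAULT_NACL, [DEFAULT_SG, SSH_SG]))
    print("from same SG    :", reaches_instance(LAPTOP_SSH, DEFAULT_NACL, [DEFAULT_SG], ("sg-default",)))
    blocked = Nacl([NaclRule(50, "deny", "tcp", "203.0.113.0/24", (22, 22))] + DEFAULT_NACL.inbound)
    print("NACL deny first :", reaches_instance(LAPTOP_SSH, blocked, [SSH_SG]))
```

Running it shows the laptop's SSH packet being dropped by the default SG, passing once the SSH SG is attached alongside it, passing when it comes from another member of the default SG, and being stopped at the ACL when a lower-numbered deny rule matches before the allow-all rule 100.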

1) Go to the EC2 management console (1) and click `Security Groups` in the left pane. The default SG should appear as shown below.


2) Click on `Create Security Group` and enter the SG name and description.


4) In the Inbound tab, click `Add Rule` and fill in the details as shown below. This rule opens port 22 (SSH) to any source address. More ports can be opened the same way, such as 80 for http traffic, 23 for ftp traffic, etc.


5) Click `Create` and the SG appears as shown below. It can now be associated with one or more EC2 instances.
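The same five steps can be done from code, which also gives you a place to review what a rule set exposes before it is created. The following is an added example written for this post, not the post's own code or an AWS sample; it uses the boto3 calls `create_security_group` and `authorize_security_group_ingress`, and the group name, description, VPC id, region and the laptop address are all assumed placeholders. The rule builder and the `wide_open_ports` check run without AWS access; only `create_security_group` needs credentials and a real VPC id. It goes slightly beyond the post by putting the post's "SSH from anywhere" rule next to a tighter rule that admits only the laptop's own address.

```python
"""Added example (not from the post): create the same SG with boto3 instead of
the console. Group name, description and the VPC id are assumed placeholders."""
from ipaddress import ip_network

ANYWHERE = "0.0.0.0/0"


def build_ingress_permissions(rules):
    """Turn (port, source_cidr, description) tuples into the IpPermissions list
    that boto3's authorize_security_group_ingress expects, one TCP port each."""
    perms = []
    for port, cidr, description in rules:
        ip_network(cidr)           # raises ValueError on a malformed CIDR
        if not 0 <= port <= 65535:
            raise ValueError(f"bad port {port}")
        perms.append({
            "IpProtocol": "tcp",
            "FromPort": port,
            "ToPort": port,
            "IpRanges": [{"CidrIp": cidr, "Description": description}],
        })
    return perms


def wide_open_ports(rules):
    """Ports a rule set exposes to every address: worth reviewing before creation."""
    return sorted({port for port, cidr, _ in rules if cidr == ANYWHERE})


def create_security_group(name, description, vpc_id, rules, region="us-east-1"):
    """Steps 2 to 5 of the post as API calls; needs AWS credentials to run.
    boto3 is imported here so the helpers above work without the SDK installed."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    group_id = ec2.create_security_group(
        GroupName=name, Description=description, VpcId=vpc_id)["GroupId"]
    ec2.authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=build_ingress_permissions(rules))
    return group_id


# Constructed rule sets: the post's rule (SSH from anywhere) next to a tighter
# one that only admits the laptop's own address (TEST-NET-3, placeholder).
POST_RULES = [(22, ANYWHERE, "ssh from anywhere, as in the post")]
LAPTOP_RULES = [(22, "203.0.113.10/32", "ssh from my laptop only"),
                (80, ANYWHERE, "http for everyone")]

if __name__ == "__main__":
    for label, rules in (("post", POST_RULES), ("laptop", LAPTOP_RULES)):
        print(label, "exposes to everyone:", wide_open_ports(rules))
        print(build_ingress_permissions(rules))
    # Uncomment with real credentials and a real VPC id (placeholder shown):
    # print(create_security_group("my-sg", "ssh from laptop", "vpc-PLACEHOLDER", LAPTOP_RULES))
```

For the post's rule set `wide_open_ports` reports port 22, for the tighter one only port 80, which is the difference you want to see before the group is created and attached to an instance.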


Now we know the following:

- Creating a Key Pair.
- Converting a pem file into ppk format.
- Creating a Security Group.

The basic work is done; in the following post we will look into creating a Linux EC2 instance.
